Hello GrayLog Experts,
I am using docker for GrayLog as follows:
mongo:3
docker.elastic.co/elasticsearch/elasticsearch:5.6.2
graylog/graylog:2.4.0-1
I have an index retention config for 3 GB per index up to a total of 20 indices. My retention strategy is to Delete the Index. But for some reason, the indices do not delete even though the GRayLog UI indices shows it only has the last 20 indices. Disk space rapidly reaches 100% usage on a 500GB disk. However, when I stop the grayLog and elastic docker containers, disk space is released and then disk usage returns to 10% from 100%. It is almost like the indices are not deleted until I stop the docker container.
Any ideas on how to handle this? I use the following docker run commands to mount the file on the host system:
docker run --name mongo
-v /home/centos/mongo/data:/data
-d mongo:3rd_place_medal:
docker run --name elasticsearch
-e “http.host=0.0.0.0” -e “xpack.security.enabled=false”
-v /home/centos/elasticsearch/scripts:/usr/share/elasticsearch/config/scripts
-v /home/centos/elasticsearch/data:/usr/share/elasticsearch/data
-d docker.elastic.co/elasticsearch/elasticsearch:5.6.2
sleep 60
docker run --link mongo --link elasticsearch --name graylog
-p 9000:9000 -p xxxx:xxxx -p xxxx:xxx/udp -p xxx:xx
-e GRAYLOG_PASSWORD_SECRET=xxxxxxxx
-e GRAYLOG_ROOT_PASSWORD_SHA2=xxxxxxxx
-e GRAYLOG_WEB_ENDPOINT_URI=“xxx://xxxxxxxxxx”
-v /home/centos/graylog/data/journal:/usr/share/graylog/data/journal
-d graylog/graylog:2.4.0-1
The file that is consuming all disk space is /var/lib/containers//.json
Why is this file not getting purged with the retention strategy?
Thanks!